import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.DefaultTemplates;
import org.sonar.db.permission.GroupPermissionDto;
-import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.permission.UserPermissionDto;
import org.sonar.db.permission.template.PermissionTemplateCharacteristicDto;
import org.sonar.db.permission.template.PermissionTemplateDto;
import static java.util.Collections.singletonList;
import static org.sonar.api.security.DefaultGroups.isAnyone;
import static org.sonar.api.web.UserRole.PUBLIC_PERMISSIONS;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
@ServerSide
public class PermissionTemplateService {
this.defaultTemplatesResolver = defaultTemplatesResolver;
}
- public boolean wouldUserHaveScanPermissionWithDefaultTemplate(DbSession dbSession,
- String organizationUuid, @Nullable Integer userId,
- String projectKey, String qualifier) {
- if (userSession.hasPermission(OrganizationPermission.SCAN, organizationUuid)) {
+ public boolean wouldUserHaveScanPermissionWithDefaultTemplate(DbSession dbSession, String organizationUuid, @Nullable Integer userId, String projectKey) {
+ if (userSession.hasPermission(SCAN, organizationUuid)) {
return true;
}
- ComponentDto dto = new ComponentDto().setOrganizationUuid(organizationUuid).setDbKey(projectKey).setQualifier(qualifier);
- PermissionTemplateDto template = findTemplate(dbSession, organizationUuid, dto);
+ ComponentDto dto = new ComponentDto().setOrganizationUuid(organizationUuid).setDbKey(projectKey).setQualifier(Qualifiers.PROJECT);
+ PermissionTemplateDto template = findTemplate(dbSession, dto);
if (template == null) {
return false;
}
List<String> potentialPermissions = dbClient.permissionTemplateDao().selectPotentialPermissionsByUserIdAndTemplateId(dbSession, userId, template.getId());
- return potentialPermissions.contains(OrganizationPermission.SCAN.getKey());
+ return potentialPermissions.contains(SCAN.getKey());
}
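Review bot: `wouldUserHaveScanPermissionWithDefaultTemplate` now hard-codes `Qualifiers.PROJECT` when it builds the `ComponentDto`, so the answer always comes from the default template for projects, and neither the method name nor any visible doc comment says so. A later caller asking about a view or an application would silently get the project template's verdict on the scan permission. I would add a Javadoc line such as `/** Tells whether the user would be granted SCAN by the organization's default template for projects; other qualifiers are not considered. */`. The import hunks shown here do not add `org.sonar.api.resources.Qualifiers`, so please confirm it is already imported in this file.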
/**
* can be provisioned (so has no permissions yet).
* @param projectCreatorUserId id of the user who creates the project, only if project is provisioned. He will
*/
- public void applyDefault(DbSession dbSession, String organizationUuid, ComponentDto component, @Nullable Integer projectCreatorUserId) {
- PermissionTemplateDto template = findTemplate(dbSession, organizationUuid, component);
+ public void applyDefault(DbSession dbSession, ComponentDto component, @Nullable Integer projectCreatorUserId) {
+ PermissionTemplateDto template = findTemplate(dbSession, component);
checkArgument(template != null, "Cannot retrieve default permission template");
copyPermissions(dbSession, template, component, projectCreatorUserId);
}
- public boolean hasDefaultTemplateWithPermissionOnProjectCreator(DbSession dbSession, String organizationUuid, ComponentDto component) {
- PermissionTemplateDto template = findTemplate(dbSession, organizationUuid, component);
+ public boolean hasDefaultTemplateWithPermissionOnProjectCreator(DbSession dbSession, ComponentDto component) {
+ PermissionTemplateDto template = findTemplate(dbSession, component);
return hasProjectCreatorPermission(dbSession, template);
}
* template for the component qualifier.
*/
@CheckForNull
- private PermissionTemplateDto findTemplate(DbSession dbSession, String organizationUuid, ComponentDto component) {
+ private PermissionTemplateDto findTemplate(DbSession dbSession, ComponentDto component) {
+ String organizationUuid = component.getOrganizationUuid();
List<PermissionTemplateDto> allPermissionTemplates = dbClient.permissionTemplateDao().selectAll(dbSession, organizationUuid, null);
List<PermissionTemplateDto> matchingTemplates = new ArrayList<>();
for (PermissionTemplateDto permissionTemplateDto : allPermissionTemplates) {
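Review bot: `findTemplate` now takes the organization from `component.getOrganizationUuid()` without checking it, so the template that decides a new component's permissions depends on every caller having populated that field. `applyDefault` and `hasDefaultTemplateWithPermissionOnProjectCreator` used to receive the UUID explicitly and now inherit this assumption. I would fail fast at the top of the method, e.g. `String organizationUuid = requireNonNull(component.getOrganizationUuid(), "Component has no organization");`, assuming `java.util.Objects.requireNonNull` is or can be imported in this file. The body of `findTemplate` continues past the end of this hunk, so how a null value is handled further down is not visible here.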
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
-import org.sonar.api.resources.Qualifiers;
import org.sonar.api.utils.System2;
import org.sonar.ce.queue.CeQueue;
import org.sonar.ce.queue.CeQueueImpl;
ComponentDto project = newPrivateProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setDbKey(PROJECT_KEY);
mockSuccessfulPrepareSubmitCall();
when(componentUpdater.create(any(), any(), any())).thenReturn(project);
- when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(), eq(defaultOrganizationUuid), any(), eq(PROJECT_KEY),
- eq(Qualifiers.PROJECT)))
+ when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(), eq(defaultOrganizationUuid), any(), eq(PROJECT_KEY)))
.thenReturn(true);
Map<String, String> nonEmptyCharacteristics = IntStream.range(0, 1 + new Random().nextInt(5))
.boxed()
ComponentDto project = newPrivateProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setDbKey(PROJECT_KEY);
mockSuccessfulPrepareSubmitCall();
when(componentUpdater.createWithoutCommit(any(), any(), any())).thenReturn(project);
- when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(), eq(defaultOrganizationUuid), any(), eq(PROJECT_KEY),
- eq(Qualifiers.PROJECT)))
- .thenReturn(true);
+ when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(), eq(defaultOrganizationUuid), any(), eq(PROJECT_KEY)))
+ .thenReturn(true);
underTest.submit(defaultOrganizationKey, PROJECT_KEY, null, PROJECT_NAME, emptyMap(), IOUtils.toInputStream("{binary}", UTF_8));
ComponentDto createdProject = newPrivateProjectDto(organization, PROJECT_UUID).setDbKey(PROJECT_KEY);
when(componentUpdater.createWithoutCommit(any(), any(), isNull())).thenReturn(createdProject);
when(
- permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(), eq(organization.getUuid()), any(), eq(PROJECT_KEY), eq(Qualifiers.PROJECT)))
+ permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(DbSession.class), eq(organization.getUuid()), any(), eq(PROJECT_KEY)))
.thenReturn(true);
- when(permissionTemplateService.hasDefaultTemplateWithPermissionOnProjectCreator(any(), eq(organization.getUuid()), any())).thenReturn(true);
+ when(permissionTemplateService.hasDefaultTemplateWithPermissionOnProjectCreator(any(DbSession.class), any(ComponentDto.class))).thenReturn(true);
underTest.submit(organization.getKey(), PROJECT_KEY, null, PROJECT_NAME, emptyMap(), IOUtils.toInputStream("{binary}"));
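Review bot: The stub for `hasDefaultTemplateWithPermissionOnProjectCreator` now matches `any(ComponentDto.class)`, where it used to pin `eq(organization.getUuid())`, so this test no longer checks that the creator-permission lookup runs against the expected organization. The same loosening appears in the next test, where the stub returns `false` for the default organization. Since the organization is now carried by the component, the matcher could keep the constraint, e.g. `argThat(c -> organization.getUuid().equals(c.getOrganizationUuid()))` with Mockito's `argThat`, if it is available in this test class. The enclosing test method starts outside this hunk.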
ComponentDto createdProject = newPrivateProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setDbKey(PROJECT_KEY);
when(componentUpdater.createWithoutCommit(any(), any(), isNull())).thenReturn(createdProject);
- when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(), eq(defaultOrganizationUuid), any(),
- eq(PROJECT_KEY), eq(Qualifiers.PROJECT)))
- .thenReturn(true);
- when(permissionTemplateService.hasDefaultTemplateWithPermissionOnProjectCreator(any(), eq(defaultOrganizationUuid), any())).thenReturn(false);
+ when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), any(), eq(PROJECT_KEY)))
+ .thenReturn(true);
+ when(permissionTemplateService.hasDefaultTemplateWithPermissionOnProjectCreator(any(DbSession.class), any(ComponentDto.class))).thenReturn(false);
mockSuccessfulPrepareSubmitCall();
underTest.submit(defaultOrganizationKey, PROJECT_KEY, null, PROJECT_NAME, emptyMap(), IOUtils.toInputStream("{binary}"));
ComponentDto project = newPrivateProjectDto(db.getDefaultOrganization(), PROJECT_UUID).setDbKey(PROJECT_KEY);
mockSuccessfulPrepareSubmitCall();
when(componentUpdater.createWithoutCommit(any(), any(), any())).thenReturn(project);
- when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(), eq(defaultOrganizationUuid), any(),
- eq(PROJECT_KEY), eq(Qualifiers.PROJECT)))
- .thenReturn(true);
+ when(permissionTemplateService.wouldUserHaveScanPermissionWithDefaultTemplate(any(DbSession.class), eq(defaultOrganizationUuid), any(), eq(PROJECT_KEY)))
+ .thenReturn(true);
underTest.submit(defaultOrganizationKey, PROJECT_KEY, null, PROJECT_NAME, emptyMap(), IOUtils.toInputStream("{binary}"));
import org.sonar.api.resources.ResourceTypes;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.db.permission.OrganizationPermission.ADMINISTER;
import static org.sonar.db.permission.OrganizationPermission.PROVISION_PROJECTS;
+import static org.sonar.db.permission.OrganizationPermission.SCAN;
public class PermissionTemplateServiceTest {
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), privateProject, creator.getId());
+ underTest.applyDefault(session, privateProject, creator.getId());
assertThat(selectProjectPermissionsOfGroup(organization, null, privateProject)).isEmpty();
}
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addAnyoneToTemplate(permissionTemplate, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), publicProject, null);
+ underTest.applyDefault(session, publicProject, null);
assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), privateProject, null);
+ underTest.applyDefault(session, privateProject, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), publicProject, null);
+ underTest.applyDefault(session, publicProject, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), publicProject, null);
+ underTest.applyDefault(session, publicProject, null);
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addUserToTemplate(permissionTemplate, user, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), privateProject, null);
+ underTest.applyDefault(session, privateProject, null);
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), publicProject, user.getId());
+ underTest.applyDefault(session, publicProject, user.getId());
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addProjectCreatorToTemplate(permissionTemplate, "p1");
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), privateProject, user.getId());
+ underTest.applyDefault(session, privateProject, user.getId());
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.CODEVIEWER, UserRole.USER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, SCAN.getKey());
}
@Test
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), view, null);
+ underTest.applyDefault(session, view, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, view))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), appPermissionTemplate.getUuid(), null);
- underTest.applyDefault(session, organization.getUuid(), view, null);
+ underTest.applyDefault(session, view, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, view))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(portPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), null, portPermissionTemplate.getUuid());
- underTest.applyDefault(session, organization.getUuid(), view, null);
+ underTest.applyDefault(session, view, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, view))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), view, null);
+ underTest.applyDefault(session, view, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, view)).containsOnly(PROVISION_PROJECTS.getKey());
}
dbTester.permissionTemplates().addGroupToTemplate(permissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.organizations().setDefaultTemplates(organization, permissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), application, null);
+ underTest.applyDefault(session, application, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, application))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(appPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), appPermissionTemplate.getUuid(), portPermissionTemplate.getUuid());
- underTest.applyDefault(session, organization.getUuid(), application, null);
+ underTest.applyDefault(session, application, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, application))
.containsOnly(ADMINISTER.getKey(), PROVISION_PROJECTS.getKey());
dbTester.permissionTemplates().addGroupToTemplate(projectPermissionTemplate, group, PROVISION_PROJECTS.getKey());
dbTester.organizations().setDefaultTemplates(organization, projectPermissionTemplate.getUuid(), null, null);
- underTest.applyDefault(session, organization.getUuid(), application, null);
+ underTest.applyDefault(session, application, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, application)).containsOnly(PROVISION_PROJECTS.getKey());
}
dbTester.users().insertMember(group, user);
PermissionTemplateDto template = templateDb.insertTemplate(organization);
dbTester.organizations().setDefaultTemplates(template, null, null);
- templateDb.addProjectCreatorToTemplate(template.getId(), SCAN_EXECUTION);
+ templateDb.addProjectCreatorToTemplate(template.getId(), SCAN.getKey());
templateDb.addUserToTemplate(template.getId(), user.getId(), UserRole.USER);
templateDb.addGroupToTemplate(template.getId(), group.getId(), UserRole.CODEVIEWER);
templateDb.addGroupToTemplate(template.getId(), null, UserRole.ISSUE_ADMIN);
}
private void checkWouldUserHaveScanPermission(OrganizationDto organization, @Nullable Integer userId, boolean expectedResult) {
- assertThat(underTest.wouldUserHaveScanPermissionWithDefaultTemplate(session, organization.getUuid(), userId, "PROJECT_KEY", Qualifiers.PROJECT))
+ assertThat(underTest.wouldUserHaveScanPermissionWithDefaultTemplate(session, organization.getUuid(), userId, "PROJECT_KEY"))
.isEqualTo(expectedResult);
}